Another iOS 7 Bug Lets Anyone Make Calls From Locked iPhones--And This One Has No Quick Fix

Apple has yet to fix one nasty bug in the lockscreen of iOS 7, and the next one has already appeared.

On Friday, Karam Daoud, a 27-year old Palestinian living in the West Bank city of Ramallah, sent me the video above, showing how he's able to make a call to any number from a locked iPhone running iOS 7 by exploiting a vulnerability in its emergency calling function. The trick includes international calls and calls to premium numbers, is simple enough that any phone thief could easily take advantage of it, and unlike the first bug revealed in the iOS 7 lockscreen Thursday, there doesn't seem to be any immediate fix for users.

Anyone who gets physical access to a locked iPhone running iOS 7 can simply tap "Emergency" on the lock screen, which brings up an emergency calling screen. Then he or she can dial any number and rapidly tap the call button until the phone reverts to an empty screen with an Apple logo at the center and make the call to that number. says Daoud. "Once the black screen appeared, it was pretty clear that this is a bug," says Daoud. "You can dial a number anywhere, any time."

I tested this myself on two iPhone 5's running on different carriers, and it worked in both cases, although it took more than a minute of tapping the second time. Daoud has tested the trick on earlier iPhones running the latest version of Apple's mobile operating system, and says it works on them just as well.

Daoud, who runs a marketing and business development firm but has worked in the past as a bug tester for a mobile network company, says he's already contacted Apple's security team and described the flaw. After requesting more information and a video, an Apple contact wrote to him again to thank him for the information, telling him it would be fixed in an upcoming software update. I've also called Apple asking for more information and I'll update this post if I hear back from the company.

Daoud's bug is the second major flaw in the iOS 7 lockscreen to be revealed in just two days. The first, shared with me by a soldier living in Spain's Canary Islands named Jose Rodriguez, allows anyone to gain access to a locked phone's photos through its control center, including the ability to access the user's email, Twitter, Facebook page and Flickr account through the photo app's "share" functions.

Though the latest bug may create less potential for privacy violation, it may also be much harder for users to fix for themselves before Apple issues a software update. Users can block the photo-accessing bug by simply disabling access to iOS's control center from the lockscreen. As far as either I or Daoud could tell, there's no easy way to disable emergency calling on the iPhone, an option that I'd discourage for safety reasons even if it were possible.

Daoud says he appreciates Apple's response to his emails, but was slightly annoyed that the company ignored his request for a financial reward for exposing the lockscreen flaw and helping to get it fixed. Facebook and Google, by contrast, offer thousands of dollars for information about bugs in their software. (Although it's worth noting that Google doesn't pay bounties for Android flaws or for bugs related to its Motorola devices.) "I don't need the money...I would have been fine with them saying 'We're not Facebook, we don't pay rewards,' or whatever," says Daoud. "But instead unfortunately they just ignored that part of my email."

It's not the first time iOS's emergency calling screen has caused problems. Another lockscreen bypass trick used a flaw in the same feature in iOS 6.1 to gain full access to the phone's contacts and calling features.

And why does it seem that Apple has had such continuing trouble in locking down its lockscreen? Daoud says he's a loyal Apple fan, but argues the company has focused too many of its resources on adding new features to handsets, and not enough ensuring that their basic functions work. "I think this is a part of iOS that they're not paying much attention to," Daoud says. "They're more interested in copying Samsung on new things than fixing their bugs."